Bug#533285: inn2: nnrpd crashes when retrieving entire thread

Julien ÉLIE julien at trigofacile.com
Tue Jun 16 20:13:12 UTC 2009


Hi Russ,

> This is not a correct fix.  It might be worthwhile to do a sanity check
> against strlen of the field

OK, it's indeed better.


> Retrieval of extended overview fields can't be done by index; it has to
> be done by walking the extended overview fields and doing string
> comparisons against the desired header name.  The interface to
> overview_getheader() is therefore wrong, since it takes only an index.
> The API needs to change so that it takes the name of the desired header
> field instead and searches the extended header fields for the correct
> field.

We currently have:

char *
overview_getheader(const struct cvector *vector, unsigned int element,
     const struct vector *extra)

We then just have to add a "const char *field".  But couldn't we keep
the element number?  (Otherwise, we would also have to walk the
mandatory fields -- and to change "Lines" and "Bytes" to respectively
":lines" and ":bytes".)


> Once it's rewritten to do that, the above sanity check wouldn't be
> necessary, so there's probably no point in making the partial solution.

Yep.


> xstrndup() got a perfectly valid size.  It's a very large size, but
> there wasn't anything invalid about it.  The API takes a size_t, which
> is unsigned.

All right, it is true that the log says "failed to strndup 4294967278 bytes"
(so the signed int was cast to an unsigned int).

-- 
Julien ÉLIE

« When one knows that a foot is about 33 cm and that the alexandrine
  has 12 feet, it is easy to work out that a stadium is about
  42 alexandrines. » (Astérix)
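
Added example, not part of the original message and not INN code: a sketch of the name-based lookup discussed above, walking extended overview fields and comparing header names, with the strlen sanity check done before any length is computed. The names as_unsigned_size and extra_field_value and the sample fields are hypothetical; the first function only reproduces the signed-to-unsigned conversion behind the logged 4294967278.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The conversion behind the logged size: a negative int length passed where
 * an unsigned 32-bit size is expected (-18 becomes 4294967278). */
uint32_t as_unsigned_size(int len) { return (uint32_t) len; }

/* Hypothetical helper, not INN's overview_getheader(): walk extended overview
 * fields of the form "Name: value" and return a malloc'd copy of the value
 * whose name matches `field` (case-insensitive), or NULL if absent. */
char *
extra_field_value(const char *const *fields, size_t count, const char *field)
{
    size_t namelen = strlen(field);

    for (size_t i = 0; i < count; i++) {
        const char *p = fields[i];
        size_t len = strlen(p), k = 0;

        if (len < namelen + 2)          /* too short for "Name: " */
            continue;
        while (k < namelen
               && tolower((unsigned char) p[k])
                  == tolower((unsigned char) field[k]))
            k++;
        if (k != namelen || p[k] != ':' || p[k + 1] != ' ')
            continue;
        size_t vlen = len - (namelen + 2);  /* cannot wrap after the check */
        char *copy = malloc(vlen + 1);
        if (copy == NULL)
            return NULL;
        memcpy(copy, p + namelen + 2, vlen + 1);  /* includes the NUL */
        return copy;
    }
    return NULL;
}

int main(void)
{
    /* Constructed sample fields, not taken from the bug report. */
    const char *const extra[] = { "Xref: news.example.org misc.test:42", "X" };
    char *v = extra_field_value(extra, 2, "xref");
    printf("%s / %u\n", v ? v : "(none)", (unsigned) as_unsigned_size(-18));
    free(v);
    return 0;
}
```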



